DETAILED ACTION

1. Claims 1-4, and 8-33 are pending in this examination; claims 25-33 are 
withdrawn from consideration as being drawn to a nonelected invention. The Office 
acknowledges the cancellation of claims 5-7. 

Information Disclosure Statement 

2. The information disclosure statement (IDS) submitted on October 30, 2005 is in 
compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure 
statement has been considered by the examiner. 

Claim Rejections - 35 USC §103 

3. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

Claims 1-4 and 8-24 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Shwed et al. (USPN 5,835,726) (hereinafter Shwed). 

4. Referring to claim 1, Shwed discloses a programmable packet based network
having plural nodes for providing services to network subscribers, the network 
comprising: 

a service creation tool (i.e. a GUI) having an operator interface for programming 
a service definition package (i.e. rule base), the service definition package having one 
or more packet processing behaviors (i.e. rules) defined in a network programming
language (i.e. the graphical language used by the user) (Figure 3, all; col. 6, line 39 to 
col. 8, line 10); 

a service control center (i.e. system administrator 102) interfaced with the packet 
based network (i.e. connected) and operable to accept the service definition package 
for deployment to the predetermined network nodes (i.e. workstations or gateways at 
which protection is desired) (col. 6, lines 10-50), the service control center having a 
service layer (i.e. GUI, providing a service to the user), an execution layer (i.e. compiler, 
executing the code generated by the user), and an infrastructure layer (i.e. the hardware 
executing the software 212) (col. 5, lines 55-67; col. 6, lines 40-50), wherein said 
service layer comprises service rules (i.e. programmed rules) and a dataflow program 
(i.e. a program executed by the processors to control behavior of the packet processing 
system) and said execution layer includes a dataflow processor (an inherent feature, 
otherwise there would be no hardware to execute the programs necessary to carry out 
the packet processing behaviors); and 

at least one network node (i.e. gateways or workstations) interfaced with the 
network the node having a network processor (an inherent feature if connected to the 
network), the node operable to perform the one or more packet processing behaviors 
translated from the network programming language (i.e. perform the function that is 
desired) (col. 6, lines 40-45). 

5. Shwed does not specifically state that the execution layer includes an expert 
system, however expert systems are well known in the art in packet sniffers and other 
network monitoring equipment. By this rationale "Official Notice" is taken that both the
concept and advantages of providing for a rule based expert system to provide a 
service is well known and expected in the art. It would have been obvious to one of 
ordinary skill in the art to modify the teaching of Shwed to include a rule based expert 
system in order to provide a network system which can self correct itself in order to 
defend an attack which it was not previously coded for, thereby providing a more robust 
system as well as allowing for future upgrades and replacements. 

6. Referring to claim 2, Shwed discloses plural network nodes (i.e. plural gateways) 
forming an ISP intranet, the packet processing behaviors establishing tunnels between 
the network nodes (i.e. forming VPNs between the gateways) (e.g. abstract). 

7. Referring to claim 3, Shwed discloses the service creation tool comprises a GUI 
for defining services in the network programming language (col. 6, lines 35-50). 

8. Referring to claim 4, Shwed discloses a network processor abstraction layer 
associated with each network processor, the abstraction layer operable to translate the 
network programming language for execution on the associated network processor (i.e. 
the system administrator 102 is able to compile the network language into a language 
which is compatible with each network processor, i.e. gateway or workstation) (col. 6, 
lines 40-50; col. 8, lines 10-40). 

9. Referring to claim 8, Shwed discloses the invention substantively as described in
claim 7. Shwed does not specifically disclose an FPGA specification and the execution 
environment layer includes an FPGA compiler, rather just that the information is 
compiled in order to allow the gateways to execute the rule base. However it is well 
known that most routers include FPGA chips and firmware can be uploaded in order to 
update the security policies. By this rationale, "Official Notice" is taken that both the 
concept and advantages of providing for an FPGA specification and an FPGA compiler 
in the execution layer of Shwed is well known and expected in the art. It would have 
been obvious to one of ordinary skill in the art to modify the teaching of Shwed to 
include an FPGA compiler in order to allow the rule base to be executed by a router
running an FPGA chip, resulting in increased customer base as well as a more 
compatible software product, resulting in a greater customer base and increased sales. 

10. Referring to claim 9, Shwed discloses the invention substantively as described in 
claim 7. Shwed further discloses having a network processor compiler (i.e. packet filter 
generator 208) (col. 6, lines 40-60). Shwed does not specifically state that the service 
further comprises a network processor pattern tree, however this is a well known feature 
of any compiler to convert the program language into a machine readable language. By 
this rationale, "Official Notice" is taken that both the concept and advantages of 
providing for a processor pattern tree in a compiler is well known and expected in the 
art. It would have been obvious to one of ordinary skill in the art to modify the teaching 
of Shwed to include a processor pattern tree in order to efficiently and quickly compile 
the security rules generated by the GUI into the machine language required for the
packet filter in the network, thus resulting in optimized code for the machine. 

11. Claim 10 is rejected for similar reasons as stated above. Furthermore it is
inherent that the service object is instantiated on the network node, otherwise the code 
segment cannot be executed. 

12. Referring to claim 11, Shwed discloses subscribing a network end user customer
to the service through the service control center (i.e. installing the rule base on the end 
user workstation inherently subscribes the user to the service of the VPN) (col. 6, lines 
10-30). 

13. Referring to claim 12, Shwed discloses providing customer parameters from the
service control center to the network node, the customer parameters represented as 
instance variables of customer instances (i.e. the name of the workstations related to 
the filter) (Figure 3/2; col. 6, line 60 to col. 7, line 32). 

14. Claims 13, 17, 18, 19, 21, and 24 are rejected for similar reasons as stated 
above. Furthermore Shwed discloses the service layer having instructions that identify 
packet processing behaviors for execution by predetermined execution elements of a 
network node (Figure 6, ref. 604), the execution environment layer representing the 
network node execution elements to execute instructions from the service layer (Figure 
6, ref. 608), and an infrastructure layer providing management functions to support the
network node execution elements (Figure 9, ref. 912; col. 10, lines 40-60) and Shwed
further discloses a reporting element the execution environment comprising a 
procedural abstraction of the reporting element (i.e. the control module 210 is able to 
generate user interface information for the data stored in the logs) (col. 6, lines 45-55). 

15. Referring to claims 14-16, Shwed discloses the invention substantively as 
described in claim 13. Shwed does not specifically disclose using a drag and drop for 
parameters, plural tabs in a window which comprise a shape tab, a classify tab, a 
modify tab, and a queue tab, however all of these are design changes which are well
known in the art (i.e. drag-and-drop, and a plurality of tabs) and these tabs can be 
named anything, specifically as to what they do. By this rationale, "Official Notice" is 
taken that both the concept and advantages of providing for using a drag and drop for 
parameters, plural tabs in a window which comprise a shape tab, a classify tab, a 
modify tab, and a queue tab is well known and expected in the art. It would have been 
obvious to one of ordinary skill in the art to modify the teaching of Shwed to incorporate 
using a drag and drop for parameters, plural tabs in a window which comprise a shape 
tab, a classify tab, a modify tab, and a queue tab in order to make the GUI more 
pleasing to the user, and creating an effective GUI which will facilitate the user in 
making the correct security enhancements to the network. 

Response to Amendments

16. The Office has considered the amendments to claims 19-24. The rejection under 
35 USC 101 as being drawn to nonstatutory subject matter is hereby withdrawn. 

Response to Arguments 

17. Applicant's arguments with respect to claims 1-4 and 8-24 have been considered
but are moot in view of the new ground(s) of rejection. 

Conclusion 

18. Applicant's amendment necessitated the new ground(s) of rejection presented in
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37
CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

19. Applicant has failed to seasonably challenge the Examiner's assertions of
well known subject matter in the previous Office action(s) pursuant to the 
requirements set forth under MPEP §2144.03. A "seasonable challenge" is an 
explicit demand for evidence set forth by Applicant in the next response. 
Accordingly, the claim limitations the Examiner considered as "well known" in 
the first Office action, are now established as admitted prior art of record for the 
course of the prosecution. See In re Chevenard, 139 F.2d 71, 60 USPQ 239 (CCPA 
1943). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Joseph E. Avellino whose telephone number is (571) 
272-3905. The examiner can normally be reached on Monday-Friday 7:00-4:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, David A. Wiley can be reached on (571) 272-3923. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 